Issue
Can I suppress an external alert from triggering a threat?
Environment
Red Canary
Resolution
From the External Alert, navigate to the bottom of the event details to create a suppression rule.
A new pop-up will appear, with options for the suppression rule.
You can then view the suppression rule you created in the "Suppression Rules" tab from Alert Sources.
A similar process can be done from the threat itself as well. Changing the Remediation Status to "Not Remediated", followed by "This is authorized, non-testing activity", will cause a note to be added for future threats to be suppressed.